Every day I experience life in the world of healthcare IT, supporting 3000 doctors, 18000 faculty, and 3 million patients. In this blog I record my experiences with infrastructure, applications, policies, management, and governance as well as muse on such topics such as reducing our carbon footprint, standardizing data in healthcare, and living life to its fullest.

Wednesday, May 14, 2014

The JASON Report

On 4/09/2014, AHRQ released the JASON report, facilitated by Mitre. JASON is an independent group of scientists who advise the United States government on matters of science and technology.

The intent of the report is to make recommendations for a new healthcare IT architecture to accelerate interoperability.

When reading the report, it’s best to focus on the big ideas and ask how those concepts can be aligned with a a stepwise multi-year approach to address technology and policy challenges.

1. Like the PCAST report, which heavily inspired the JASON report, there is a stated need for a common mark-up language for healthcare including controlled vocabularies. Today, that language is the CCDA and the vocabularies are available from the National Library of Medicine’s Value Set Authority Center. In the next few years, it’s likely that Fast Health Interoperable Resources (FHIR) will become the new markup language, given that it is simpler to implement and parse than the existing CCDA. The work to refine FHIR is already in progress at HL7 and the HIT Standards Committee. The report distinguishes between the medical “chart” or “record” data verses structured data storage. There is valuable research work in progress and emerging products to leverage natural language processing, turning unstructured notes into actionable knowledge.

2. The report notes the importance of application programming interfaces (APIs) to support architectures that are agnostic as to the type, scale, platform, and storage location of the data. In Meaningful Use Stage 2, the interoperability focus is on push models - sending data from one EHR to another EHR as structured, importable information. I agree that our next areas of focus should be query/response. API is a very general term and Massachusetts (MassHIWay) has created the necessary RESTful and SOAP approaches to support populating a master patient index, consent/privacy preferences, and real time query of healthcare data. The MassHIWay is very well aligned with the first phase architecture that Jason recommends as a good starting point to accommodate real-world constraints, per the graphic below.

3. The report suggests that all data be encrypted at rest and in motion. Meaningful Use already requires encryption of data in motion. HIPAA requires compensating controls for data at rest, one of which is encryption of client devices.

4. The report describes separation of key management from data management. The Direct protocol, which is a required part of Meaningful Use Stage 2, implements certificate management to ensure security and data integrity from point of data origin to point of use. The report describes highly granular consent, enforced with certificates. That principle is similar to the S&I framework Data Segmentation for Privacy work, which has been codified in HL7 standards.

5. The report notes that data should be surrounded with corresponding metadata, context, and provenance information. EHRs typically include time/date stamps, authorship information, and other contextual information with most transactions, so the suggestion is reasonable.

6. The report suggests that EHR data be represented as discrete data elements (atomic data) with associated metadata. The Meaningful Use Common Data set for Stage 2 already requires that.

7. The report recommends adoption of the “robustness principle”: be liberal in what you accept and conservative in what you send. The 2015 Notice of Proposed Rulemaking suggests that certification in 2015 include testing of that principle.

8. The report identifies a need to support clinical trials and clinical research while also protecting patient privacy. The I2B2 project, which has been further generalized by the ONC QueryHealth project, is a good start.

My implementation suggestions for ONC and the Standards Committee to implement JASON recommendations are summarized as

2 comments:

Note that the DS4P method is now more broadly standardized as it is now accepted into the IHE metadata model for all patterns. Both as a USA extension and more generally as the HCS security-Tag system.

PCAST was conceptually useful for a brief moment of discussion, until the realization sank in that it was a greenfield fantasy with no credible roadmap proceeding from the current state of health data services. The JASON report strikes me as a slightly more practical starting point for (brief) discussion in the sense that it offers a roadmap that is at least rooted in existing standards for structured data. But utopian health care data fantasies need to stop imagining perfectly structured data elements that are well behaved and instead start from the messy current state of the data. Imagining an intelligent swarm of perfectly meta-tagged atomic data payloads only works if the individual data payloads are recorded and curated with sufficiently complete and reliable data quality control. My perspective is that the CAP Consulting white paper "Our National Rush to the EHR" (Sept. 2013) correctly pinpoints the devastating GIGO conundrum faced by health care.